India, Sept. 4 -- A hidden flaw in WhatsApp just got patched, but the risk was massive.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a zero-day in WhatsApp. Meta patched the bug, but it was bad. Hackers could have compromised devices with just one malicious message and exposed billions of users worldwide.

A zero-day is the holy grail for hackers, a bug before developers patch it. In WhatsApp's case, attackers only needed a phone number to send a crafted message that would execute code silently in the background. That code could install spyware, extract files, or even take full control of the device.

"This is a big deal because of the scale," said a CISA analyst. "An app with 2 billion users...